lumma | hxxps://youtube[.]com

Analysis

max time kernel
265s
max time network
271s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
02-01-2025 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

10^/10

lumma discovery phishing stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Suspicious use of SetThreadContext 4 IoCs

description	pid	Process	procid_target
PID 2816 set thread context of 5012	2816	Vanta.exe	119
PID 764 set thread context of 956	764	Vanta.exe	123
PID 3052 set thread context of 2524	3052	Vanta.exe	129
PID 2964 set thread context of 4212	2964	Vanta.exe	132

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Vanta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Vanta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Vanta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Vanta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Vanta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Vanta.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 6 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Vanta.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Vanta (1).zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
248	msedge.exe
248	msedge.exe
1424	msedge.exe
1424	msedge.exe
4768	identity_helper.exe
4768	identity_helper.exe
1960	msedge.exe
1960	msedge.exe
1888	msedge.exe
1888	msedge.exe
408	msedge.exe
408	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4156	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4156	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1788	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 964	1424	msedge.exe	77
PID 1424 wrote to memory of 964	1424	msedge.exe	77
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 4648	1424	msedge.exe	78
PID 1424 wrote to memory of 248	1424	msedge.exe	79
PID 1424 wrote to memory of 248	1424	msedge.exe	79
PID 1424 wrote to memory of 3040	1424	msedge.exe	80
PID 1424 wrote to memory of 3040	1424	msedge.exe	80
PID 1424 wrote to memory of 3040	1424	msedge.exe	80
PID 1424 wrote to memory of 3040	1424	msedge.exe	80
PID 1424 wrote to memory of 3040	1424	msedge.exe	80
PID 1424 wrote to memory of 3040	1424	msedge.exe	80
PID 1424 wrote to memory of 3040	1424	msedge.exe	80
PID 1424 wrote to memory of 3040	1424	msedge.exe	80
PID 1424 wrote to memory of 3040	1424	msedge.exe	80
PID 1424 wrote to memory of 3040	1424	msedge.exe	80
PID 1424 wrote to memory of 3040	1424	msedge.exe	80
PID 1424 wrote to memory of 3040	1424	msedge.exe	80
PID 1424 wrote to memory of 3040	1424	msedge.exe	80
PID 1424 wrote to memory of 3040	1424	msedge.exe	80
PID 1424 wrote to memory of 3040	1424	msedge.exe	80
PID 1424 wrote to memory of 3040	1424	msedge.exe	80
PID 1424 wrote to memory of 3040	1424	msedge.exe	80
PID 1424 wrote to memory of 3040	1424	msedge.exe	80
PID 1424 wrote to memory of 3040	1424	msedge.exe	80
PID 1424 wrote to memory of 3040	1424	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://youtube.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9f2cb3cb8,0x7ff9f2cb3cc8,0x7ff9f2cb3cd8
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4060 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2896 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7980 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6428 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,7407997203512120618,18411339993064427926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
  2⤵
  PID:2668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3564

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2032

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2964

C:\Users\Admin\AppData\Local\Temp\Temp1_Vanta.zip\Vanta.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Vanta.zip\Vanta.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2816
- C:\Users\Admin\AppData\Local\Temp\Temp1_Vanta.zip\Vanta.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_Vanta.zip\Vanta.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5012

C:\Users\Admin\Downloads\Vanta\Vanta.exe
"C:\Users\Admin\Downloads\Vanta\Vanta.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:764
- C:\Users\Admin\Downloads\Vanta\Vanta.exe
  "C:\Users\Admin\Downloads\Vanta\Vanta.exe"
  2⤵
  PID:1068
- C:\Users\Admin\Downloads\Vanta\Vanta.exe
  "C:\Users\Admin\Downloads\Vanta\Vanta.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:956

C:\Users\Admin\Downloads\Vanta\Vanta.exe
"C:\Users\Admin\Downloads\Vanta\Vanta.exe"
1⤵
- Suspicious use of SetThreadContext
PID:3052
- C:\Users\Admin\Downloads\Vanta\Vanta.exe
  "C:\Users\Admin\Downloads\Vanta\Vanta.exe"
  2⤵
  PID:4680
- C:\Users\Admin\Downloads\Vanta\Vanta.exe
  "C:\Users\Admin\Downloads\Vanta\Vanta.exe"
  2⤵
  PID:244
- C:\Users\Admin\Downloads\Vanta\Vanta.exe
  "C:\Users\Admin\Downloads\Vanta\Vanta.exe"
  2⤵
  PID:4976
- C:\Users\Admin\Downloads\Vanta\Vanta.exe
  "C:\Users\Admin\Downloads\Vanta\Vanta.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2524

C:\Users\Admin\Downloads\Vanta\Vanta.exe
"C:\Users\Admin\Downloads\Vanta\Vanta.exe"
1⤵
- Suspicious use of SetThreadContext
PID:2964
- C:\Users\Admin\Downloads\Vanta\Vanta.exe
  "C:\Users\Admin\Downloads\Vanta\Vanta.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4212

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:3256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
554d6d27186fa7d6762d95dde7a17584

SHA1
93ea7b20b8fae384cf0be0d65e4295097112fdca

SHA256
2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb

SHA512
57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a28bb0d36049e72d00393056dce10a26

SHA1
c753387b64cc15c0efc80084da393acdb4fc01d0

SHA256
684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1

SHA512
20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
239KB

MD5
8a3343997119f05f93edd44791b78200

SHA1
d5c7bea1b79beed509aa4a3b3d7d65c88a761cf9

SHA256
aa57d045f3ecac86d07df3a47acd0c952918c767369facba59b95f6739ef57b5

SHA512
fa032739277264c13a7616e930b170994f852c55650f3cf290c9c1802b36d8389383b2c4a2770a92c595ec356f21813eb87722c6bd85f24e387aa30080ca6f30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
49KB

MD5
7ca090d5f0c1a9e7d42edb60ad4ec5e8

SHA1
7278dcacb472ec8a27af7fbc6f8212b21e191042

SHA256
4039fef5575ba88350a109b2c8d9aa107f583acb6cbe2ac8e609071567c4cc76

SHA512
c4f2d23eacf74f87de8dea6e4532b120253bb9ad356341532f5e1aaf2ce90d137f46b50df7de5250bce4eca1fbfb74da088accd7c626fa853dc524abad7bfe8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
635KB

MD5
b537ca5fec304dcf3ce3171edf1e8fa4

SHA1
52665eefc08697d21f82719269fbfef687a643d7

SHA256
50b93c8ccbf1304dde0b424bafadf2fb654597bf4a35def9f29356988dfeb2ca

SHA512
81ae8df536c60aa8eb9a687625a72de559d15018c5248e0bc12ce7ed45aa7b960e999b79a8e197c38ddde219aa942ba4534f154aa99386e5e242d18a7d76c805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
34KB

MD5
e85ac71b59dadc1488a1c888db91c5ea

SHA1
a4aa7fc9226bd867a978945a27fd78a0a82cc994

SHA256
7441da6812af01a6eb9afa5d602986b233a57700cb721343b0aa9830a15def0d

SHA512
2b4d952a258f9001c2d8a42402c98788759138669750667524df2031d3926e21836b037974ded859bebf88fd9296791a6a2de65561b8098f066f9cbb8ae719ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
34KB

MD5
6242c13ec6b35fed918ab71eb096d097

SHA1
691e6865e78afb11d9070056ba6cd99bdad7b04e

SHA256
b1c7566622f40bad557a6c5b7bc5b8ae25b4da191ac716cc7923282eef96034c

SHA512
52914b4ca7362e9ebe326ea89006f5cc096fd4d1c360cae33ca768af92fe6fdb5078d0848fb6dc092848ba0e3d3f51bfb20a292250c35e8bd2e79fd5a19dd7b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
75KB

MD5
67fa4b1a0d94424683a84b659b25ef1e

SHA1
d38ce7ebaa15bc9f50545f0ba4ff5629e07b6699

SHA256
3ded7ec7df3e83a0c0536f184375f946650185fe887e49843ddf6a06aa4ee6ff

SHA512
f331a59877f32eed68ed9d8e300f12e0c14fb2721211bdc187820ecc8844f0138e007012244ecab9c51372d793c0c21c8d02fe2d36c6cfd38b81544a5eb87e82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
87KB

MD5
3bbb4044b1dc1cd0e6e726106e02bc4b

SHA1
4accd84ee7171cb974bae5f09c6c6712388ceaef

SHA256
88ac66f58a0b668d3e5c4eb0778fd1740e93e58b30531fe150d76ab4c131bfcb

SHA512
f97c831539bc58069dc939ff71327e4da3896e79cf16c21aa5c6e98d270ad1328acb9ee57a5b5af60ab9d0a71c8994851421f6a3a7a33f0f76ebac8bd5cad98d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
135KB

MD5
0130bb037e8d61660d96b2f2af4d9b43

SHA1
0e32764c308f04ad974d6d052b2578deae70f033

SHA256
55b74dbcee96ae6e6cb29b82d5c0a6218f511b76ba5981090944c0f823499ec9

SHA512
9a9fdd5e1848777ffcf3b751ac415fd51fe54fe343b8b8a9fcbe10d76b6d7f8037084bcbe17d805be587bbc4c9f5d30aefd59e80bb93c801a09f79ab21d8ae9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
73KB

MD5
eb0ab29ad52ca9b03da2eee8eaf58bc5

SHA1
43a13ccab2622c29c4902aa441217ad5149bbbe3

SHA256
3f5853f4b1602fa6a4a8575a0a676c160f6a624a6820f0a1b9a3266c319787f3

SHA512
ff7e7918652099325b0f96a7cd6ab71ef10c2d68e2c2e3fe212ccb7806a0b1c765f151e1027ccc88b447f15960f2a22697556381d55f96b99729f779a12d8014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7858ed9cceab2c18508dd4b07541e6e4

SHA1
23245e1a593aa58c703b0b3f19e123284e18b566

SHA256
29e0e2566589a0e10a9623fbcd913963f745ce06fdcacf972d7d2bc7d4b9a13b

SHA512
f7af38dc7d4feaaa9d131039c70647c3d0e032cdad59a7b251e6d607e32bdbeb29de30895159f26ccf02bf34c41ce421f67a56b514216c10315666e0e3c1d678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
acf2347fff1a2bf98b0afe8a3ed6c82e

SHA1
7af5865d9a3f30de73e1917c9ff36bf8093d9e21

SHA256
906f91670573931ae735fa9fb3c7d9111af2eaa3bfe69d8c385497afac5c32ba

SHA512
72d826e19388c593a80f01b332e6aeaef1edaa5461f4f7bbf24daf2f1d193ba798eaa5b350bc6ca52b9512b0704518127eae34e9fe7f77d2dc3764dfd71d220a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8321bc4ca3a3a467144c88ae1aef2446

SHA1
2b4150dd26760df4da85f46e40893a39edb8c6c1

SHA256
ad52d3c2ffede59df16ae0fdbb1e795c63942299fec623bf84c7cb0293dbad66

SHA512
5ee0167757bf5979e6ea1de493221caf5b6a7ab29131c464080eab16e45cbb182d5317277d9f1e91e07a6ce9209829c3765d5b6e7e71de675b49c15fb09ccf27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b38031af0925284be4d53b92626a395f

SHA1
e8952b1015cc8de0ddca47110fd2501a7a232d74

SHA256
d21d6f20e7c75bbb4431aa5988b988ca8b26ff2215828bb2bb4da17cb6e42d59

SHA512
044b8318d538a545a7cff059915c504c68211b5b39c4ba00f6ea65e5dc86817dc73db7a081bb8cb0ce9a0cd8ea2fa31058f615dcd2635fc0ea49d5ae81952ebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9e3ca83b7142097517b07e9a8bcede21

SHA1
185ee3f1bb98e76b71643dfa49af97518bf97877

SHA256
fee297df5454fe7b1fb072a07cf0693b9605e2bc8ec447597b5452b195c88d4c

SHA512
5d35516fcfeef92b8071de5e52bca8b0782c510d404bbf0a0b9b99508141e4f8918b88c2648b0c6bf4af5cd00787dd3e3c5738cddc0e96bbea6423db2c74dc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
63fbf3a572594c7d00e360704ca467cf

SHA1
595da9512bf0b882493115e0170b48016581af1f

SHA256
1dab80c7c2c5f5b743b3d4d1984fca5cd3be99c4e467adc4b22d36c1529b4988

SHA512
3ca5c2c84ed9e1f95b579e1d101ca80ca5fd1d601e4a1dbeef14a4a3b9a730458d2164c33936f113cbaf8e1a293c00568303f81246d5449f45be7bfe01ce0e53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
ed135f96305bea056b5076543f1972d9

SHA1
24740aa0a2641a879b99bbace6acfefd6e212633

SHA256
c3b239b1de32308990da9d2cdbd1f9c2b8ad0622975a63c017678ae6d0c79b04

SHA512
5e23a8bc053dcff52ffceba65eb68eeca3018b4e46c0ee8ab1b094500a16aab0f621babfea6fb2f837e5bfa909bc8e67b286b5021bec7ba05af2881de0c89030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
f7d802e05ea3e700cb7f111130de9965

SHA1
f3e9173658f11f37dc387453a70b86d3235100ae

SHA256
3a8075237844f80bc141872ce41588f60c13358913798640d79aa215ce839b94

SHA512
a8cf84d09b54be620606023d958a0fa2345981f0f950de968e5cb7859d0eb423b08150c9508c8f2d9b86898eec7395a51813495795f88bb8c24a6ddffde5242e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d4d914aadd0bcd62420e68f811bf2aee

SHA1
b6616d23418a60c00d901a641c56d49d1deeac8d

SHA256
3eb6a5c68cb30431df6df6d310d8728478d6a0579cad5d5903c1e4c78334e9b8

SHA512
f66161365ec2a59c1960902ae652a9aefc67f46cc53e8f2aab8c90c56272ff314c75b0a6bd7ebde50fc85d58c1d33220075b76f55a9f28aae393637885311f81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a7a46b9eea8267e10f6ef19d4438c82e

SHA1
0b6d3fdafd4f9b56d56ebb06fd13c012ec06bd2d

SHA256
d5b21de925dd5f39773f5056af496236c7ca3d4aca68fca138e5073ce9930054

SHA512
01b0fe686e16188e14105fbacb6823f217aa1edb78b5f1e559392879a526a5ffeeeaaead9696f469029838fcd55b50edf96ec69b863a9ae18de8ff219c383869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
34abdcd06d9d9dd08c593e55c6b8ecc6

SHA1
059d81edee24304a8284361793987a947baa7f73

SHA256
284aa01bc1e3cf5fc04fe3204ef91951e2180b6b75aa7d1f3087f2bce58bb41b

SHA512
86c99dc02fd1955bc7f92a9288147d2ea30ff36eb819aff8aaf5351c963df6a45c691a54be41a3c72e0686ee539ae51ad06ba34bbe8276b0780f5b3054ed29f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cbe22f4682e92feee06ca0191779f4d6

SHA1
030c3797c07578eadaab9398a5b2729fc2c9eb99

SHA256
aa74bd23bc3dd3dc3465b3d28cf97ebb636694978194c94a09c35780b692cafa

SHA512
35c73d3ae617ad2d74cc64a5697103e5e18784c2913d9190219264a20e43992a290e3dfd15758a83b17a6f430aa0f9aad4b6ae25dd65a6b9bad3c86fa63e862f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8141294508d0f93949c9cde4c0bdc961

SHA1
a817cf07606abf557992070f978702a0083336da

SHA256
aba0f8b6e84449ef02d4f784e9f8e3918f9821f863adcd8caec8214a26126eb1

SHA512
89c3954dded9257d4e4a3f1bed8192a0f51b0b7c067fc0ad8c2de251c65c26a63f953821ab55dda0d7a8ed74786177f2b1b0913b4f9f906e17b6b03bef4e9ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
45b3ba56d222f126df7a18ed5caa7480

SHA1
c65f2c1299fff597b14db8741cbe5ac17644b42a

SHA256
197885eff22e353015acb5f5344476194eea16063a207434130798f2019ed2f7

SHA512
778b265b78f74adc297915123fe68f0ea5bb336ddf97cc706984b28ceef68a2beb8b2fee4445373655a468f982447146db6ad7fe5e83c08ff911e27c7debcedc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b63616083a43d6fd598a81f1dee9a591

SHA1
37213a00f3191c3f96812449dfeb460bacc0262e

SHA256
c4fcfd150d08915eb772a89fcf88d1e0d5c5f0ded0cf3244f7d3ee2a43257886

SHA512
cd1d8ea8dc95b2eeeada0a6093e4e728af7bea10e3b6b54220aabcefe9f3abb082dc5f8f804498b2144978e2f1eddbbe26387764076172869a48ec23c7435e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
50d806b68d0b88e4cd6cb69f2b121703

SHA1
f1ac7cc1ad2e744453c59ce03b024f8431c1863e

SHA256
2fc88a3d7ed5a51d1027ce9c0016214f6dda956ef4afd1dbef72e4656b7a6fc2

SHA512
e7f2d61f9e0fb5c4844917a55e0bcb0abb3b9df01bc4b6f96228a9ec8ad57e215b647bcb0d45db799ca76de841d27f35db6deaa5b44f5f95f1e37caf3eb2bf93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
847dd1005052b2ecca675b35516f443c

SHA1
2037e192ed6b417e5b91632be8170c697e24f610

SHA256
8923fdc0a0ae2ea7c268352d8b5544a3c2ad5eb27367806759867e82797f6d37

SHA512
84ad2bb7ea7d4c25cd20348ac8b8d953de3c01d6c51c01262e399357d697cbfc9ccf717f5e74ed4b35620cf9887f458553c67404c240079bbe21b659339b5943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2df1f7f9-e7e3-46b0-ba43-e7807651b2a6\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4f79d41c-9091-44af-b2ac-313385d50a7c\index-dir\the-real-index

Filesize
600B

MD5
221b45da061e81fdc1a5d9d8819b9850

SHA1
ffe497c661e6aa5c97d747d5ac707ecac443b003

SHA256
d86e2bba99fb32fd2556700bc5cb30a6e1b7d5085e7dc1b0687e9402f8e81fda

SHA512
cecee92220ea587f5f3f3bc184be9e15c8a5a5d33ab0838585665c1b1bfa552f98fa867c377eb4e7e3506f8ee1a6ba1e65b950690b6a81ed4db3f9df2f4b2a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4f79d41c-9091-44af-b2ac-313385d50a7c\index-dir\the-real-index~RFe582594.TMP

Filesize
48B

MD5
5690ed8d15648f9474a5000a2fe03a0a

SHA1
92e67b1a32cc1ea99d9d7dd428e526fa5b0bd2ec

SHA256
149cc3bf0ca89eb43186e3888e1e446d16cb547861038eaf96a28cca34ad87cc

SHA512
a04f26e1c0fbc093e24c7ac76d112068a29dc7d874294e3e467be140019abdc9370d2737cde5373de65e6b35673fd58545347500cf60fcf756d054c72c65392f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8a7b15ce-30c7-4a8e-8319-c3e9a4ce9ee9\index-dir\the-real-index

Filesize
2KB

MD5
03ceee51e4635cdec62f1e2a44624e7c

SHA1
c624a2d09471bac7e7e33859d8d3d949e4cda06f

SHA256
4e6c03cf457f10d37a49a274ec73f599701918bc1bb3a1f639ed39be752c8e52

SHA512
82a94ada5d44a6e6fd23a408052ad7bfea90364872dd041e559b7cae2b9841de3ef1a2cb0b0cfcab545dab23e036cbc8364f29d3dfe54e00095d1ce944eaecec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8a7b15ce-30c7-4a8e-8319-c3e9a4ce9ee9\index-dir\the-real-index

Filesize
2KB

MD5
eaa6ad7d96ae749b610070a595712db1

SHA1
09cf05698f1127503d8c688993d22a8a4357381b

SHA256
7f45dc0b1b648312a5f6d8b5b05c5a558afcc656bf70b020578e599cf505f9a5

SHA512
97ef8dc2db45194d3873522b1f2416978b279fed6a2c10ef14bd53aa77835de95f43611c451ba331112805f87359b28960632da2c69a1024fc408cf476be907a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8a7b15ce-30c7-4a8e-8319-c3e9a4ce9ee9\index-dir\the-real-index~RFe57cc39.TMP

Filesize
48B

MD5
df7d01910e6729d373b301e9dcfeba45

SHA1
fa090da40d44c75448ec7413cb6c868936c73f00

SHA256
5f2b06a95f34ec94f45340adc5a2f922f575c0fa3d2a5087d3222ef2884fc56a

SHA512
f5b12cc8857a19284b95d150e8232e6bf1fa1955df9741c7339a8feb3038d5c3697419e3258d8e94ec89ed001e9c5e163f090e9b88236cc37a08a2c97d394ebb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
18cbc22649f826ac20f4e6cb6b5dc418

SHA1
ed1d5bf0c1b8e6335d59144bbf58e7936e4396d2

SHA256
cc03e50fc4d725987e2bb04a2ec5b1798abdbc6615cb4e3219a0e5927da7621f

SHA512
0f35306f1028db09edbd126f3b97125e88d2da96be7b2d52a9582bb2f00707f6a1ae7ef1ea3113bd8dd5b3ef1a14de75e393675221789644cfaa8128c4d989a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
372cabc463a2182eb4267d1dad391021

SHA1
94b06a4abe77f6d929305ebed3b33762672dd779

SHA256
f827972d6bddff0931ab0e98121b66f7c0a38250cd065290d87ce02ec0a9160c

SHA512
1dfccc9369a7c5cddb33de4f271e4dccb7c1042ea024a77c4097fd5e9f142f4c055636c92ee82fc7b8e0012615deff85ea42e1c063eba9f2b5ace0e70f7b372c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
ee10935e17a840aff09b0270d81f9018

SHA1
14a2d299b45b548aed17a60bf7f9325fe0d7fcce

SHA256
987d5f09bbbb04e41e886213ee8b164729a19eff5bfa45e72a8f07d48f2c4278

SHA512
635a6d566e1987e6e653b976b9d2e96ce27a23e6169665242599d95595b50ce4129bc644639d8984174ad1d7946169537b975379900504ea7f50094be33e9ee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
183d742d7f88b6f16b7625c19096b90d

SHA1
ff471e1b675fad1df90980a5b538bf3c6bc5f9c6

SHA256
e3eaa672c4e92f7b3bb1fee8d9e759f2221b72ad2e34daa4a65188cbea0db80c

SHA512
961bed4429402acca0e317727f2d64d6dc190eebcfa53994b38728861b06297964f501cc4e09938ff96f8f896cd237d17e9022440ad11d191cddea9e727f4d25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
d7d5505fbe8c22ed69f1d704f023073f

SHA1
80dc2e58fa4b44594aca9b77079b6ef382a0b935

SHA256
16ff889986e9f644c16979e8e677fad3d79040fe3164d50161825072d381954d

SHA512
21b46b755dc499de87f3a8c2e838712bd9404654e7d9d509f7ec0bf269ac4cbfa1d05d439a7dc58f521bfefeb41123b39ee7e712e3831696e77edb04095636b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
d1e17171cf4cc5ec58c07645b09a7db9

SHA1
f9a48023e986c0bb3810d40a05a98f3e7fbe09a1

SHA256
7b0b676f9052153c3934d2c47dc884d08c60fa5328c05a0aaa196bc3c75436ff

SHA512
e1244aa20589468db611752b26a7317146e0f2ee458256e5adb05f8d72282e10db610b1524018a2c966b0b3f2f42edcb22899fc35c05f5151c3d210d660d27e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
5e9993014d2adb01122f0e9b6a77fb1e

SHA1
480fa29db40923f386cc600768d9fc3ec638159e

SHA256
95beaf9af4501f56dc474a8b91d333f283260503624cd8917f28723571feb54a

SHA512
e4eb8fdbb0e0477ea9d5dd8e477ab9808f18d4e9680ce3d65ad751a4e58e688713f48f48506b7a67b0e0b2d17e7aef9f65c7048ce9688daf6bc77070126fe86a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
bad40695cdf5901a2d029c02bc1503ce

SHA1
d91fea0853575b47dd1bb287ce9164221c89a33d

SHA256
484728f83dcc95bab9376d289911e83dabe0a3a197f0935b7ef8d33599146989

SHA512
5adc249b9af0a83de23a7f159774b21244fb974055c5d7ddd0d7ba99949c37274ba6e46bc5c0436a4db02a0e0bd164af818c03c9539375a4d82a8b58918fe7f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
71745d5d04453006b8cc941d6ace9d5b

SHA1
dcb808d03762dca92ff454747b28429e00794ee8

SHA256
1d8433f05c854d86abbe5db1398ab228f1a2bbf75342825cfdb958a6d3932328

SHA512
0363fe479de3d1f49617f10eb797d0ed519ccffe30ab9b1e832594dba663e3d079e0caf4580608b2c30e2f4773a98704ee98db134d08bab4a91dd21262296e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581f4b.TMP

Filesize
48B

MD5
a9a17e37db99392645b60e21a2d9b48b

SHA1
3993289acd06668e032e056d1a94ad3876df3cf4

SHA256
0ef4b97b595a0c7289a9dfbf194a33555378b368075fa6463a29dbfeb6e187e4

SHA512
ee16f00d1f82499bd3039f9517821a3072ac5a8744a784079dfb4321fbb5129db519234310ced0a2e40aae6135a6214db5e234ffd01368420cb1fc49c2cc790d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a396cca17cba4d76a2800575be63797f

SHA1
966af27d6257eac2e03a7cb67a8179f4aeb607e4

SHA256
c058639418aa679eb66d6592bb7ec240f3567985834448df927e8d9f353bbb3c

SHA512
34d38339f65f23ff7ef1cb17b27dd00ce89914b5951639176e66f3b4ab1a5218a7c364b19ea6da81cc0c82f8d738083079b9f2559afb7887b23b12caefd1bc7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6f49dab81af37a8949c6fa49cca848b1

SHA1
15cb0526652566db639c553204d6340fd8ce03ac

SHA256
e0d64a1cf393209e20a778fb505676b6f1e2fe228277a83cc83c7bb8752c94ba

SHA512
4a6837f2c18b82d58414042628873ea3d619c3b76f6542d468577ee3dbb353063877987c17cb44516ae34793517cea312b3852b711a0363997b940fe2c790a28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
dc28cc6c6cc9b65904e4ae2dd9d0f92b

SHA1
e9750e1e248c029bfd14d672e6d0f7c484d14c54

SHA256
0b06bd25d6a25da778429ed1a1046ed8be4bfb0cc2019ddaf64cd296881d6e94

SHA512
2501eb01e06768cfb4941a1c2938b22116fa0b7c45349de902b1007b0579dfcf1b9091864d21dcdba7bd34a6858dca6be8478d2e8c744fadde4ecaa642bf46c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8b34d86c05f0f2e6fcd136deefdbf93a

SHA1
40b9546ce7c78a98666bc0d53ec5a5bd08e73aff

SHA256
2a5613023b92fa0245cc0ef9900272a73a595bbbd24764c1697ac0df00eba309

SHA512
1f3f4c6089e3ac9d92ea13fb0b2884233d37d3a5220388022c1e0886acbb0e51eec7dc0df0b3bd7505c6ee0e8f08b17c63deb2550c498ed3a0b736f69a1fca05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
0043a71ed57f52cfce3683cef95a42b6

SHA1
1fa97e874599f2d32b160994ff13c519ab9fb3cd

SHA256
8691b9d9c9496a19fde923daf362df1f8774179281ccb6c3718eb8c7a960406d

SHA512
85ce1c0eef5afc63eb7f50f701a4894d213208bfd0a63a99037f69f2f060ae66e40f50d7ec3241786b9ae3f54fa57ff83f0f0625035f7f64a0a36703b52c9ec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
874e60c16926aaed8d698df3e6d1277a

SHA1
2dde7010e5ae88a787489b1b00baf57ada00b9bc

SHA256
3fa202d61decdc9ef7c5ad7b5bbc015a6ffdf76fae2b45ddc0c7810e9ebfcac9

SHA512
b4f098480e7e36021a9104cdae38d2832a0d9a9ca6ee61ff6277cf28d56205278fe53917480050219882359fd874a5ae174c650711ef90b48085880014d5eb7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ff01.TMP

Filesize
706B

MD5
0c226d2c7ef91d940256f5ac4279df25

SHA1
6cbd0fe0a0bb9e50a6a82e65636d9fa611ba2bd3

SHA256
a6d30867d7f79bce8540f3cd9c68975ae3a7c96e3d26575e6e80de4d5f040a3f

SHA512
c1e46d55c0467e7530a6d8a51aab7326dc3f53e33d2b1a5679ae0a0dcfeeb0ab630baad8b1ab6c234d33f4814b1075cc6539604f91fcfad13584a436cdd7a7db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a8cdee4823a9c8f6c6a81b8f5eafca65

SHA1
cf669e8d8f3a1916c76b2c61656130f1f6a5ba68

SHA256
3bce0ab0151e1e40379c594f6a233f7d0be933771d6a62b164ae6d652c0c8fb5

SHA512
4ea7d60d78b76a66123fd4639324fb11bdb507c88866b20f68a08c66458bb153247b132fc238761afa1bc82de8a049d860b97b230d491a02728c005a980a01bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6fcd4119e7e6935c86121f14af4b9bf1

SHA1
208661af768d7a8c0f9a265785f176960e03d9cb

SHA256
5727481822ea7b6100f96808f51fcd7d0a2e156c99b40db49f4f476d2f5b5d60

SHA512
b91ebc8c8a6391239e364416cabf3e4b4d9d9f0c013efc4ffa8d3c54837d5dabdd2d2fc69661263c4f572cd997e308d0ba36d7979c1929e33c515dd436927ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b49f8f7cf831e6e181111781b550a7c7

SHA1
a8344fa7d90e61447c85448ec93ebec54528cc59

SHA256
8700d6c77c6ddb7c9c3f33c963750109aaa759374a37ef1eb2ab3e2f6a7c4d00

SHA512
25cb381d293c8662b39b24d4146791ab73d2d838f643a9095737cf328365d8790543a6cd07eb4a42971ea2d429f813ae92625983511e1b5b3a5999ee2fe39dcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b0f810f3aca4ff1cc9418441891d0ba4

SHA1
0ab48ac7aa9bed6be3a718f087a495cab361bbd5

SHA256
8145afa5af6fdad06f22bafb051947a0b5ab581242c4c01459a051ed9d5c60e9

SHA512
351788551f5b98eb0f736363a01a787ea006accc601dbcc53e2cdc7733701271100411a67ad15b69270a8c3ff91f2e172c998368378ab102ccdd14bca8b3e0d3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\f83a46bb-160b-4c9f-a38f-53a03ee87e29.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
ad7a569bafd3a938fe348f531b8ef332

SHA1
7fdd2f52d07640047bb62e0f3d3c946ddd85c227

SHA256
f0e06109256d5577e9f62db2c398974c5002bd6d08892f20517760601b705309

SHA512
b762bae338690082d817b3008144926498a1bd2d6d99be33e513c43515808f9a3184bd10254e5c6a1ff90a9211653f066050249030ad9fe0460ec88335b3d423

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\5cd5605e-1df4-45db-8a54-2d95503c3ed6.tmp

Filesize
1.7MB

MD5
3d83147d6ca54f1844632587a7a42560

SHA1
90d063ee91b01c73f253c93fd44fdb6ca0ca9643

SHA256
a38b1a43ff769284682612b4a44a6702ac2192a265a59046b642aecddcd46c33

SHA512
e0b86abf4a27940907eb9c6fc3a6ac1b8fce80b65a5f2b99e3a866a08037ca2f33909454a5780eb23954119ba25bdd27b744e6be79621bbd3cd3bfbfc2de26ed

Download Submit
C:\Users\Admin\Downloads\Vanta.zip

Filesize
7.7MB

MD5
063c4936dfc41b919143cf2b21893741

SHA1
cb95044aba122cf350df51bb51073075db848f19

SHA256
de9b37546d621e576be5821c784a6dab90dc9438523603175833f41b25e4000d

SHA512
4e221a6c9e07ed8b1dcf6661efa1fddc8195878390d65bae2fb1dfa71084c7be95a51880ef68acca1b81c6a93f53efd344442159b239d5ba8879a5c8b02e9955

Download Submit
C:\Users\Admin\Downloads\Vanta.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/5012-1362-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/5012-1361-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download